Request for update to OpenTTD
Christopher Halse Rogers
chalserogers at gmail.com
Tue Aug 26 05:54:52 BST 2008
On 8/26/08, Danté Jones <dante.jones at gmail.com> wrote:
> Greetings & Salutations,
>
> The OpenTTD package in the Hardy repository is currently:
>
> Version: 0.6.0-2
> Priority: optional
> Section: multiverse/games
>
> The current stable version of OpenTTD is 0.6.2 which fixes a buffer
> overrun which can be remotely exploited.
>
> http://www.openttd.org/downloads.php
>
> Could you please update the version OpenTTD in Hardy to the current
> stable, 0.6.2.
>
Package versions in an Ubuntu release almost never change - one of the
goals of the stable release is to be stable in the sense of "will do
the same thing tomorrow as it did today".
For serious regressions and security problems (as this may well be),
we have stable release update process. For this, it would involve
patching the vulnerability rather than packaging the new version.
That said, the debian bug report[1] suggests that patching will result
in a incompatible server. I'm not sure what we want to do about it.
I've opened a bug[2] against hardy; further discussion should probably
go there.
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493714
[2] https://bugs.edge.launchpad.net/ubuntu/+source/openttd/+bug/261373
More information about the Ubuntu-motu
mailing list